In an effort to keep our members informed of current online security threats, we wanted to let you know about about a new trend we’re seeing from scammers who are impersonating large businesses through email and phone calls. These suspicious phishing emails are circulating inboxes in an attempt to gain access to personal and secure business networks. This is something you should be very careful about for both your personal and work email accounts and as always, when answering calls from unknown numbers.
Most recently, several UHCU members have shared that they received emails and phone calls impersonating Amazon.com. We want to be clear that these emails and calls are NOT actually from Amazon. These are prime examples of fraudsters attempting to impersonate large, legitimate businesses that many people know, trust and use quite frequently. And with the holidays fast approaching, these attacks will probably continue to increase. Therefore, we’ve put together the top red flags to look for when evaluating whether an email is legitimate or potentially fraudulent.
Who is the actual sender?
This may sound like an easy thing to determine, but this is the top way scammers are able to dupe their victims. Unfortunately, it is pretty easy to set up an email to look like it is coming from “Amazon.com.” However, the actual “firstname.lastname@example.org” email address is what you should actually be double-checking. Looking at the image below, you can see that the actual email address has nothing to do with Amazon – big red flag!
Is there a “To” address (i.e. your email address)?
This may or may not be the case, but a lot of times, these scammers are sending emails to hundreds or thousands of victims to increase their chances of someone taking the bait. Some are more sophisticated about it, but sometimes, they hide the “To” email addresses, which is a dead giveaway that it is not a legitimate email. A business that sends you an email will include your email address.
Where are the links trying to send you?
Another way to tell if an email is a phishing attempt is to hover over (DO NOT CLICK!) the links or URLs to see what pops up. Please see the images below as examples of this tactic. As you’ll see, the written out links in the email make it look like you will be taken to the Amazon website, but when hovered over, the URL actually programmed into the email is completely different. Clicking on the links could lead to any number of problems, including infecting your computer with spyware, trying to access the network you’re connected to and much more.
It is very important to inspect every email you receive. Ask yourself questions such as:
- "Do I have an account with this company?"
- If I have an account with this company, does it use this specific email address or phone number? (i.e. Do you have an Amazon account with your work email address?)
- If I have an account using this email address or phone number, did I recently place an order?"
Even if you answer “Yes” to all of these questions, the email could still be impersonating a legitimate business and you should check the items outlined above.
What about phone calls?
Scammers are still using phone calls to prey on unsuspecting potential victims. And once again, with the holidays fast approaching, these calls could become more frequent and more intelligent. Most recently, someone reported a phone call impersonating Amazon saying something about purchasing a gift card and if they had NOT purchased a gift card recently, to press a number. This is very tricky, because they are betting on the fact that most people will know they did not recently purchase a gift card and might press a number and move further into their scam attempt. It's a good rule of thumb to be suspicious of any call you do not recognize, until you can 100% verify it is legitimate. It is also good to pay attention to some of the wording being used. Do they only reference a "major credit card company," "your credit card," "your insurance," "your student loan?" Scammers often keep their wording very generic in order to cast a wider net. The best rule of thumb is - if you feel uncomfortable, hang up the phone.
Another thing to note about phone calls is that legitimate businesses do not call out of the blue to verify any of your personal information. And if someone from a legitimate business does have to call a member/customer, they should have protocols they follow in order to authenticate themselves before discussing anything related to your personal information. If you're ever unsure, you can hang up and call the number listed on a business website, back of your card, etc. and ask if they are, in fact, reaching out to customers about certain information.
Unfortunately, scammers are becoming more and more savvy with their attacks and consumers have to be as vigilant as possible. As a reminder, United Heritage Credit Union takes these measure very seriously. We do our best to only include links to our website or trusted partners in our emails. Our promotional emails contain “@uhcu.org” in the From/Sender line. We are always working to update and enhance our security measures to stay on top of the most recent security threats. We hope this information is helpful for our members.